我想将 SVN 访问权限授予特定 LDAP (AD) 组 (svn_access),此配置在旧服务器上有效,但在新服务器上无效。我的配置
<Location />
DAV svn
SVNParentPath /var/www/html/svn/
SVNListParentPath on
AuthType Basic
AuthName "SVN Server"
AuthBasicProvider ldap
AuthLDAPURL "ldap://yy.yy.yy.yy/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "[email protected]"
AuthLDAPBindPassword "PASSWORD"
Require ldap-group CN=svn_access,OU=SVN,DC=domain,DC=com
AuthzSVNAccessFile /etc/subversion/svn_auth
</Location>
SVN 日志
AH01626: authorization result of Require ldap-group CN=svn_access,OU=SVN,DC=domain,DC=com: denied (no authenticated user yet)
AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
AH01691: auth_ldap authenticate: using URL ldap://yy.yy.yy.yy/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
AH01697: auth_ldap authenticate: accepting tat
Path to authz file is /etc/subversion/svn_auth
Access granted: 'tat' OPTIONS REPO1:/
问题是它接受 AD 中的任何用户,即使该用户不在“svn_access”组中。谢谢帮助。